The canary email trick is clever and the OP's frustration is valid. But the most likely explanation is their data passed through a CRM into an enrichment platform like Apollo, which then made it available to other customers. That's not a breach, i think it's just how these tools are designed to work. Which might be worse because it's happening at scale across thousands of companies. The response could've been better though. When a customer raises something like this you trace the data flow and explain what happened. But the real conversation should be about the enrichment industry itself. Opt-out instead of opt-in became the default and nobody questioned it. That's where regulation needs to catch up, hence singling out individual companies won't fix anything structural